Metrics provided by Secrets Store CSI Driver
The Secrets Store CSI Driver uses opentelemetry for reporting metrics. This project is under active development
Prometheus is the only exporter that’s currently supported with the driver.
List of metrics provided by the driver
| Metric | Description | Tags |
|---|---|---|
| total_node_publish | Total number of successful volume mount requests | os_type=<runtime os> |
provider=<provider name> | ||
| total_node_unpublish | Total number of successful volume unmount requests | os_type=<runtime os> |
| total_node_publish_error | Total number of errors with volume mount requests | os_type=<runtime os> |
provider=<provider name> | ||
error_type=<error code> | ||
| total_node_unpublish_error | Total number of errors with volume unmount requests | os_type=<runtime os> |
| total_sync_k8s_secret | Total number of k8s secrets synced | os_type=<runtime os> |
provider=<provider name> | ||
| sync_k8s_secret_duration_sec | Distribution of how long it took to sync k8s secret | os_type=<runtime os> |
| total_rotation_reconcile | Total number of rotation reconciles | os_type=<runtime os> |
rotated=<true or false> | ||
| total_rotation_reconcile_error | Total number of rotation reconciles with error | os_type=<runtime os> |
rotated=<true or false> | ||
error_type=<error code> | ||
| rotation_reconcile_duration_sec | Distribution of how long it took to rotate secrets-store content for pods | os_type=<runtime os> |
Metrics are served from port 8095, but this port is not exposed outside the pod by default. Use kubectl port-forward to access the metrics over localhost:
kubectl port-forward ds/csi-secrets-store -n kube-system 8095:8095 &
curl localhost:8095/metrics
Sample Metrics output
# HELP sync_k8s_secret_duration_sec Distribution of how long it took to sync k8s secret
# TYPE sync_k8s_secret_duration_sec histogram
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.1"} 0
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.2"} 0
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.3"} 0
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.4"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.5"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="1"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="1.5"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="2"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="2.5"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="3"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="5"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="10"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="15"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="30"} 1
sync_k8s_secret_duration_sec_bucket{os_type="linux",le="+Inf"} 1
sync_k8s_secret_duration_sec_sum{os_type="linux"} 0.3115892
sync_k8s_secret_duration_sec_count{os_type="linux"} 1
# HELP total_node_publish Total number of node publish calls
# TYPE total_node_publish counter
total_node_publish{os_type="linux",provider="azure"} 1
# HELP total_node_publish_error Total number of node publish calls with error
# TYPE total_node_publish_error counter
total_node_publish_error{error_type="ProviderBinaryNotFound",os_type="linux",provider="azure"} 2
total_node_publish_error{error_type="SecretProviderClassNotFound",os_type="linux",provider=""} 4
# HELP total_node_unpublish Total number of node unpublish calls
# TYPE total_node_unpublish counter
total_node_unpublish{os_type="linux"} 1
# HELP total_sync_k8s_secret Total number of k8s secrets synced
# TYPE total_sync_k8s_secret counter
total_sync_k8s_secret{os_type="linux",provider="azure"} 1